Sunday, February 21, 2016

Issue 52 - Week of Feb 15th


1. Apple vs. FBI - update: The FBI wants to access the iPhone used by the terrorist who killed 14 people in San Bernardino last year. The iPhone is password protected, and the 10th wrong attempt will permanently erase all the data on it. Apple can't bypass this on the iPhone, so the FBI has instead asked the company to disable certain features, which would let its agents make multiple attempts to unlock the iPhone. Apple has opposed the request and said that this will create a backdoor which will make all iPhones insecure. Microsoft, WhatsApp, Yahoo, Twitter and many others have expressed their solidarity with Apple and support its decision.

2. Ransomware attack - Hospital pays hackers $17,000 in Bitcoins: A Los Angeles hospital network was hacked and its computers were disrupted by ransomware. The disruption affected emergency rooms and treatments, as doctors could not access computer networks for patient data. This could have been dangerous, so the hospital decided to pay the ransom to obtain the decryption key. Most of the time, ransomware infiltrates a network with the help of an exploit kit, and these kits make it into networks through malvertising or email attachments.

3. Apple addresses error 53: In the last edition we discussed 'Error 53' in iPhones, which bricks the phone if a non-Apple technician changes the iPhone's combined fingerprint scanner (Touch ID) and home button. Touch ID is also used by millions of users to make payments using Apple's e-wallet, Apple Pay. Last week Apple apologized for Error 53 and shared steps to recover a bricked phone using iTunes. This will put life back into the bricked phone, but the Touch ID feature will remain unusable.

4. Linux Systems Patched for Critical glibc Flaw: Google exposed a critical flaw affecting major Linux distributions. The glibc flaw could have potentially led to remote code execution. The glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used, and the main risk of this flaw is to Linux client-based applications that rely on DNS responses. Linux runs some of the most critical applications across industries, be it ERP for manufacturing companies or portals for the e-commerce world, and it’s no wonder that Linux threat protection tops most CIOs' investments and plans.

5. Locky Ransomware - Encrypts Documents, Databases, Code, BitCoin Wallets: A new ransomware named Locky has emerged recently. It uses 128-bit AES encryption and has a domain generation algorithm (DGA). It is also capable of encrypting SQL databases, source code, BitCoin wallets and more. The infection begins with an email containing MS Office attachments that carry harmful macros. Once opened, these macros connect to the C&C and install the ransomware. DGA makes it difficult for law enforcement to effectively shut down botnets, as it will generate thousands of domain names every day to connect to for updates; malware controllers cannot keep pace with this to protect.

6. IRS Warns of 400% Surge in Email Schemes This Tax Season: The IRS has issued an alert warning consumers of an influx of tax-related phishing schemes this filing season. These may ask taxpayers about a wide range of topics, such as information related to refunds, filing status, confirming personal information, ordering transcripts or verifying PIN information. By clicking on malicious email links, consumers are taken to sites designed to imitate an official-looking website like IRS.gov, which ask for Social Security numbers and other personal data. The sites could also carry malware, used to infect people’s computers and allow criminals to access their files or track their keystrokes to gain more information, including important login credentials.

7. Hundreds Of Spotify Premium Accounts Exposed Online: The black-hat hacker world is at it again, this time publishing hundreds of Spotify Premium user accounts online. The user info appeared in three different online data dumps on Pastebin starting last week. Each dump contained email addresses with their corresponding passwords for Spotify. For some accounts, home countries, account types (such as premium or free), and account renewal dates were also published. Many people use the same or similar passwords across their various accounts; hackers may exploit this and try to hack other sensitive accounts like official emails or banking credentials.

8. Twitter password recovery bug exposes data of 10,000 users: Twitter has warned roughly 10,000 users that a bug discovered in the platform's password recovery system may have exposed their personal data. In a blog post last week, Twitter said the bug affected the micro-blogging platform's systems for approximately 24 hours. The password recovery bug, while "immediately fixed," had the potential to expose the email addresses and phone numbers linked to user accounts. Twitter has notified the 10,000 or so affected users, so if you haven't had an email from the company land in your inbox recently, you have nothing to worry about.

9. 5 top weapons used by hackers: (i) Macros in MS Office; (ii) iOS & Android malware; (iii) PHP malware; (iv) Adobe Flash vulnerabilities; (v) Old vulnerabilities, which are the best vulnerabilities as users do not always patch everything. We must learn from these weapons, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to move forward without fear and focus on their core business and growth.


10. SIM deactivation fraud linked to bank insiders: Bangalore Cyber Crime investigators suspect that unscrupulous bank employees could be providing or selling to online fraudsters the confidential information of bank account holders, including their mobile phone numbers and ID-proof details. They have arrested a banker from Hyderabad for allegedly abetting a ₹1 million fraud on a Bangalore-based garment dealer. The fraudsters use this sensitive information to get duplicate SIM cards and then generate one-time passwords to siphon off money from bank accounts. This could be a nationwide scam, as investigators have also arrested two accomplices from Mumbai, non-banking staff, who routed the money to various accounts that were emptied out via ATMs.
